Oracle releases critical patch for high risk Java security issues

Oracle has released a Critical Update Patch for Java SE, which fixes 40 major security issues.

Of the 40 fixes, four apply to server deployments of Java. Thirty-nine of the issues apply to the Java Runtime Environment, while the remaining one applies to Javadoc. Many of the vulnerabilities are high risk, carrying the maximum rating under Oracle's risk definitions.

All but three of the vulnerabilities can be exploited remotely, and the vast majority can result in attackers gaining complete access to and total control of users' systems.

Antivirus firm Qualys revealed a sharp rise in Java vulnerabilities this year, up to 137 so far, compared to 28 in 2012 and 38 in 2011.

Java has long been criticised for its security problems, but a warning issued earlier this year by the US Computer Emergency Readiness Team, part of the US Department of Homeland Security, to disable Java unless absolutely necessary has scared many people away from using the platform.

The patch affects the JDK and JRE versions 5, 6 and 7. Apple has simultaneously released an update to fix the Java vulnerabilities in Mac OS X. The patch also includes a number of fixes for non-security bugs.

Qualys echoed Oracle in urging users to apply the new patch as soon as possible.